Questions tagged [java-security-manager]
69 questions
1
vote
1 answer
How to prevent Lambda expressions defined in a Java agent break the application it is attached to?
If I declare this advice in my agent:
public static class SequenceAdvice {
@Advice.OnMethodEnter
static void enter(@Advice.This Object thiz,
@Advice.Origin Method method,
@Advice.AllArguments…
Behrang
- 46,888
- 25
- 118
- 160
1
vote
1 answer
Setting up keystore programmatically before getting default SSL context
I am in the impression that once I set system properties when I get SSLContext.getDefault() should return me SSLContext with those set properties. In the following case should be with specified keyStore. Unfortunately that's not what is happening.…
Sagar
- 5,315
- 6
- 37
- 66
1
vote
0 answers
Elastic Search AllPermission security manager issue during start
I am running elastic search with non loop-back IP (production mode) on Windows.
To run ES, I am forking it out (elasticsearch.bat) from a Java app using ProcessBuilder.
However, it is giving me following error:
[2018-09-15T00:04:42,617][INFO…
NumeroUno
- 1,100
- 2
- 14
- 34
1
vote
1 answer
spring properties file behaviour when value not in environment file
We are running on spring boot version 1.5.10
JDK : 1.8.0.52
Our gradle file has the entry
compile group: 'org.springframework.security', name: 'spring-security-web', version: '4.2.3.RELEASE'
We have disabled it in our application.properites…
jibsonline
- 11
- 5
1
vote
1 answer
How to "hide" sensitive system properties like passwords set by Java applications?
I am maintaining an existing Java product (which has a HUGE code-base). I discovered that it is setting (and getting) two of its internal passwords as Java system properties, at no less than 4-5 different places (methods). Now, the problem is, the…
Subhayan Mukherjee
- 11
- 2
1
vote
2 answers
Java Security Manager checkExec
I'm having an issue trying to implement a security check in the Java Security Manager.
I seem to have misunderstood the purpose of the checkExec() method in the security manager. I thought it would get called when my application tries to invoke…
walker
- 55
- 1
- 1
- 7
0
votes
0 answers
Geoserver 2.21.4 not deploying with Security Manager on JBoss EAP 7.4.9 when upgrading from Java 8 to Java 11
I am trying to deploy GeoServer 2.21.4 in JBoss EAP 7.4.9 with Java 11. The GeoServer application fails to deploy when Java Security Manager is turned on.
I have been using the same Geoserver/JBoss versions on Java 8 successfully with Java Security…
tungpham
- 1
- 1
0
votes
0 answers
AccessControlException for newly created File
I'm having trouble understanding/ignorant to an error I'm facing regarding the security manager and a file created solely by the running application so wondering if people can provide some insight. This started happening after I started using the…
user3842274
- 21
- 6
0
votes
0 answers
Errors in my java security manager policy - which permission needed
I am trying to lock down a Java program using the security manager.
It provides a lot of guidance to you in the error state to tell you want it failed on.
I am down to three issue that don't show up as any "access denied" errors that come with the…
SRJ
- 189
- 3
- 15
0
votes
1 answer
java.security.policy and RMI - classpath issue
I have an app that uses RMI and works when I have the security policy set to
//
// Allow everything for now
//
permission java.security.AllPermission;
But, when I try to lock it down with the policy below, I get this exception - which makes me…
SRJ
- 189
- 3
- 15
0
votes
0 answers
Getting errors related to java security-manager + ExpiringCache.java
We are using wildfly-9.01. I am getting error/caused while executing action:
Caused by: java.lang.ArrayIndexOutOfBoundsException: 200
at java.io.ExpiringCache.cleanup(ExpiringCache.java:120)
at…
Bhanu PS Kushwah
- 69
- 8
0
votes
1 answer
Surefire marks tests as failed when they set SecurityManager
I have some tests that need to check if the main code did a System.exit(...). This works very nicely with suggestions from https://stackoverflow.com/a/309427/1023341. But when running these tests in Jenkins (in stead of in my IDE Eclipse) and later…
gkephorus
- 1,232
- 18
- 31
0
votes
0 answers
Restricting certain public APIs/classes to users in java
I have a application where users can write their customizations using the exposed public APIs.
There are few public classes and API that are public but we don't want them to be accessible in the customization code for the users.
Is there any way in…
user1300073
- 11
- 2
0
votes
0 answers
what is loophole in java programming?
i'm just try to understand what is the meaning of loophole in programming and i searched and some web result shows that it is releted to low level security.
i read this to understand but i couldn't able to understand this link
and i found this on…
Shanti Lal Prajapat
- 31
- 7
0
votes
1 answer
CustomAuthenticationMechanism obtains none callerGroups after called identityStoreHandler.validate
I am trying to create a custom authentication.
When I
I made a simple identityStore that validate every user as guest with rols AF_ADMIN and AF_USER.
CustomAuthenticationMechanism is called when login but the CredentialValidationResult from…
Joe
- 7,749
- 19
- 60
- 110